[openssl-users] More secure use of DSA?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Sep 6 13:10:21 UTC 2016
>> There is a need to combine algorithms of different kind. Since the security of
>> the chain is that of its weakest links - it necessitates comparison between
>> those different algorithms.
>
> Only if you think everything has to be equally protected.
Usually it is not “equally” but “at least at that level” and “for the smallest cost”. Which, for example, means that you want to protect your wrapped 128-bit symmetric key with something of at least 128 bits of presumed strength – but don’t want to pay for wrapping it with something 1024-bit strong.
> That's the assertion I am not thrilled with. Sometimes knowing who sent it
> is more important -- the metadata -- and sometimes the content -- say,
> the value of the check -- is more important.
True. But for practical reasons people don’t want to define gazillions of cipher suites, as it would be a nightmare to define and manage. Nor do they want to have everything independently negotiable because it would introduce security holes, and besides implementations would surely get it wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5227 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160906/2596c682/attachment.bin>
More information about the openssl-users
mailing list